preserve GCS credentials on update if not set
credentials were not preserved if "prefer_database_credentials" was set to true Fixes #613
This commit is contained in:
parent
e29a3efd39
commit
52f3a98cc8
5 changed files with 21 additions and 6 deletions
2
go.mod
2
go.mod
|
@ -128,7 +128,7 @@ require (
|
|||
golang.org/x/text v0.3.7 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
|
||||
google.golang.org/appengine v1.6.7 // indirect
|
||||
google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd // indirect
|
||||
google.golang.org/genproto v0.0.0-20211115160612-a5da7257a6f7 // indirect
|
||||
gopkg.in/ini.v1 v1.64.0 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
||||
|
|
4
go.sum
4
go.sum
|
@ -1190,8 +1190,8 @@ google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEc
|
|||
google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211016002631-37fc39342514/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd h1:8jqRgiTTWyKMDOM2AvhjA5dZLBSKXg1yFupPRBV/4fQ=
|
||||
google.golang.org/genproto v0.0.0-20211112145013-271947fe86fd/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/genproto v0.0.0-20211115160612-a5da7257a6f7 h1:0LoCYJF53PEqtJOntKxGD72X/c8Xto5EZ4HLrt9D80I=
|
||||
google.golang.org/genproto v0.0.0-20211115160612-a5da7257a6f7/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
|
||||
google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
|
||||
|
|
|
@ -245,7 +245,9 @@ func updateEncryptedSecrets(fsConfig *vfs.Filesystem, currentS3AccessSecret, cur
|
|||
fsConfig.AzBlobConfig.SASURL = currentAzSASUrl
|
||||
}
|
||||
case sdk.GCSFilesystemProvider:
|
||||
if fsConfig.GCSConfig.Credentials.IsNotPlainAndNotEmpty() {
|
||||
// for GCS credentials will be cleared if we enable automatic credentials
|
||||
// so keep the old credentials here if no new credentials are provided
|
||||
if !fsConfig.GCSConfig.Credentials.IsPlain() {
|
||||
fsConfig.GCSConfig.Credentials = currentGCSCredentials
|
||||
}
|
||||
case sdk.CryptedFilesystemProvider:
|
||||
|
|
|
@ -2802,6 +2802,19 @@ func TestUserHiddenFields(t *testing.T) {
|
|||
assert.Empty(t, user5.FsConfig.SFTPConfig.PrivateKey.GetKey())
|
||||
assert.Empty(t, user5.FsConfig.SFTPConfig.PrivateKey.GetAdditionalData())
|
||||
|
||||
// update the GCS user and check that the credentials are preserved
|
||||
user2.FsConfig.GCSConfig.Credentials = kms.NewEmptySecret()
|
||||
_, _, err = httpdtest.UpdateUser(user2, http.StatusOK, "")
|
||||
assert.NoError(t, err)
|
||||
|
||||
user2, _, err = httpdtest.GetUserByUsername(user2.Username, http.StatusOK)
|
||||
assert.NoError(t, err)
|
||||
assert.Empty(t, user2.Password)
|
||||
assert.Empty(t, user2.FsConfig.GCSConfig.Credentials.GetKey())
|
||||
assert.Empty(t, user2.FsConfig.GCSConfig.Credentials.GetAdditionalData())
|
||||
assert.NotEmpty(t, user2.FsConfig.GCSConfig.Credentials.GetStatus())
|
||||
assert.NotEmpty(t, user2.FsConfig.GCSConfig.Credentials.GetPayload())
|
||||
|
||||
_, err = httpdtest.RemoveUser(user1, http.StatusOK)
|
||||
assert.NoError(t, err)
|
||||
_, err = httpdtest.RemoveUser(user2, http.StatusOK)
|
||||
|
|
|
@ -311,7 +311,7 @@ func (c *GCSFsConfig) isEqual(other *GCSFsConfig) bool {
|
|||
|
||||
// Validate returns an error if the configuration is not valid
|
||||
func (c *GCSFsConfig) Validate(credentialsFilePath string) error {
|
||||
if c.Credentials == nil {
|
||||
if c.Credentials == nil || c.AutomaticCredentials == 1 {
|
||||
c.Credentials = kms.NewEmptySecret()
|
||||
}
|
||||
if c.Bucket == "" {
|
||||
|
@ -329,7 +329,7 @@ func (c *GCSFsConfig) Validate(credentialsFilePath string) error {
|
|||
if c.Credentials.IsEncrypted() && !c.Credentials.IsValid() {
|
||||
return errors.New("invalid encrypted credentials")
|
||||
}
|
||||
if !c.Credentials.IsValidInput() && c.AutomaticCredentials == 0 {
|
||||
if c.AutomaticCredentials == 0 && !c.Credentials.IsValidInput() {
|
||||
fi, err := os.Stat(credentialsFilePath)
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid credentials %v", err)
|
||||
|
|
Loading…
Reference in a new issue